<?php

// Declare environment connect to database
include("include.php");

// Start a session (or resume the one named by the client's cookie), but only
// while the session cookie can still be sent.
if (!headers_sent()) {
  session_start();
}

$title = "Login";
$sFileName = "login.php";

$sFormErr = "";
$sAction = get_param("FormAction");
$sForm = get_param("FormName");

//-- dispatch the submitted form (if any) to its action handler
if ($sForm == "Form") {
  Form_action($sAction);
}
?>
<html>
<head></head>
<body>
<table border='0' width='100%' cellpadding='0' cellspacing='1'>
<tr>

    <td height="300">
      <table border='0' width='100%' cellpadding='0' cellspacing='0'>
                          <tr>
                            <td width="1%">&nbsp;</td>
                            <td>

            <table border='0' class='boxframe' width='50%' cellpadding='0' cellspacing='0' align="center">
              <tr>
                                  <td>

                  <table border='0' width='100%' cellpadding='0' cellspacing='1' align="center">
                    <tr>
                                        <td>

                        <table border='0' class='line' width='100%' cellpadding='0' cellspacing='0' align="center">
                          <tr>

                            <td width="74%" height="200" align="center">


<?php Form_Show() ?>

							</td>
                          </tr>
                                          </table>
                                        </td>
                    </tr>
                                    </table>
              </table>

                            </td>
                            <td width="1%">&nbsp;</td>
                          </tr>
      </table>
<table border='0' cellpadding='0' cellspacing='0' width='100%'>
                          <tr>
                            <td align='right' class='footstat' valign='top' >&nbsp;</td>
                          </tr>
      </table>
</td>
                      <td width="0">&nbsp;</td>
  </tr></table>



<?

//********************************************************************************

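/**
 * Handle the login form's submitted action.
 *
 * "login"  : look the user up by login name and md5(password); on success store
 *            User_ID / User_Level in the session and redirect to ret_page (when
 *            it is a same-site path) or to index.php, then stop the script.
 *            On failure set the global $sFormErr message for Form_Show().
 * "logout" : drop the UserID / UserRights session keys.
 *
 * @param string|null $sAction value of the FormAction request parameter
 */
function Form_action($sAction)
{
  global $sFormErr;

  switch ($sAction)
  {
    case "login":
      $sLogin = get_param("Login", adText);
      $sPassword = get_param("Password", adText);
      // NOTE(review): the user table stores unsalted md5 digests, so the lookup
      // must hash the same way. Moving to password_hash()/password_verify()
      // needs a wider column and a rehash-on-login step; not done here.
      $sPassword = md5($sPassword);

      // step 1 - build the query; both values are quoted by tosql()
      $sSQL =  " SELECT User_ID, User_Level FROM user WHERE User_Login =" . tosql($sLogin,"Text") . " AND Password=" . tosql($sPassword,"Text") ;

      // step 2 - connect to the database and run the query
      $dbconn1 = new my_db;
      $dbconn1->open(DATABASE_HOST,DATABASE_USER,DATABASE_PASSWORD,DATABASE_NAME,DBSTYLE);
      $stmt = new db_query($dbconn1,$sSQL);

      // A matching row means the credentials are valid: remember the user and
      // the user's rights in the session.
      if ($stmt->getrow())
      {
        set_session("UserID", $stmt->row["User_ID"]);
        set_session("UserRights", $stmt->row["User_Level"]);

        $sPage = get_param("ret_page");
        // Follow ret_page only when it is a same-site path: reject an empty
        // value, a URL scheme ("http:", "javascript:" ...), a protocol-relative
        // "//host" or "/\host" prefix (open redirect) and CR/LF (header
        // injection). Anything else falls back to the start page.
        $bLocalPage = is_string($sPage) && $sPage !== ""
          && !preg_match('#^(?:[a-zA-Z][a-zA-Z0-9+.-]*:|//|/\\\\)#', $sPage)
          && !preg_match('/[\r\n]/', $sPage);
        header("Location: " . ($bLocalPage ? $sPage : "index.php"));
        // Nothing after the redirect header should be rendered.
        exit;
      }
      else
      {
        $sFormErr = "T&ecirc;n &#273;&#259;ng nh&#7853;p ho&#7863;c m&#7853;t kh&#7849;u sai!";
      }
      break;

    case "logout":
      // session_unregister() was removed in PHP 7; clear the keys directly.
      unset($_SESSION["UserID"], $_SESSION["UserRights"]);
      break;
  }
}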

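/**
 * Render the login form (or a client-side redirect to index.php when a user
 * is already logged in).
 *
 * Reads the globals $sFormErr (message set by Form_action()) and $sFileName
 * (form target). The Login, ret_page and querystring request values are
 * echoed back into attribute values, so they are HTML-escaped here.
 */
function Form_Show()
{
  global $sFormErr;
  global $sFileName;

  $sQueryString = get_param("querystring");
  $sPage = get_param("ret_page");
  $sLogin = get_param("Login", adText);

  // Escape request-derived values for the HTML attribute context. double_encode
  // is off so a value get_param() may already have entity-encoded is not
  // encoded twice. $sFormErr is a fixed message built in Form_action() and is
  // emitted as-is.
  $sLoginAttr = htmlspecialchars((string) $sLogin, ENT_QUOTES, 'UTF-8', false);
  $sPageAttr = htmlspecialchars((string) $sPage, ENT_QUOTES, 'UTF-8', false);
  $sQueryStringAttr = htmlspecialchars((string) $sQueryString, ENT_QUOTES, 'UTF-8', false);

  //-- table header
  ?>

    <table border="0" cellspacing="0" cellpadding="2">
    <form action="<?= $sFileName ?>" method="POST">
    <input type="hidden" name="FormName" value="Form">

    <tr>
      <td align="center" bgcolor="#99CCFF" colspan="2"><font style="font-size: 12pt; color: #000000; font-family: Arial, Tahoma, Verdana, Helvetica; font-weight: bold">Qu&#7843;n l&yacute; website </font></td>
    </tr>
    <?php if ($sFormErr) { ?>
    <tr><td colspan="2" bgcolor="#F5F5F5"><font style="font-size: 10pt; color: #000000; font-family: Arial, Tahoma, Verdana, Helvetica"><?= $sFormErr ?></font></td></tr>
    <?php } ?>

  <?php

  if(get_session("UserID") == "") //-- user isn't logged in yet
  {
    ?>
      <tr>
        <td bgcolor="#FFFF99"><font style="font-size: 10pt; color: #000000; font-family: Arial, Tahoma, Verdana, Helvetica">T&ecirc;n &#273;&#259;ng nh&#7853;p </font></td>
        <td bgcolor="#F5F5F5"><input type="text" name="Login" value="<?= $sLoginAttr ?>" maxlength="20"></td></tr>
      <tr>
        <td bgcolor="#FFFF99"><font style="font-size: 10pt; color: #000000; font-family: Arial, Tahoma, Verdana, Helvetica">M&#7853;t kh&#7849;u </font></td>
        <td bgcolor="#F5F5F5"><input type="password" name="Password" maxlength="30"></td></tr>
      <tr><td colspan="2" align="center">
      <input type="hidden" name="FormAction" value="login">
      <input type="submit" value="&#272;&#259;ng nh&#7853;p">
      </td></tr>
    <?php
  }
  else //-- user already logged in; output has started, so redirect client-side
  {
    echo("<script language=JavaScript> document.location='index.php';</script>");
  }
  ?>

  <input type="hidden" name="ret_page" value="<?= $sPageAttr ?>"><input type="hidden" name="querystring" value="<?= $sQueryStringAttr ?>"></td></tr>
  </form></table>
</body>
</html>
<?php
}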
?>